Information Flow Control

The goal of our research is to develop techniques and tools that make
practical, enforceable control over the privacy of information possible.
The work will allow mobile code to be imported, for example into a node of
an active network, while protecting both the privacy of the information
belonging to the imported code and the privacy of the information held by
the node that imports it.

Our approach will lead to a new security model that allows security
properties to be checked statically, before the code runs; a new annotation
language for expressing those properties in the code; extensions to Java
that allow programs to use the new model; and lightweight tools for checking
the properties of both source code (via a new compiler) and bytecodes (via a
new bytecode verifier). We also plan to study the runtime support needed by
the model, and in particular what is needed to provide a trusted execution
platform that runs imported code on imported data while ensuring the privacy
of both local and imported information.
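To make the static check concrete, here is a small illustration added to this page (it is not code from this project and does not use its annotation language). It models the two principals of the scenario above, the node and the imported code, with a simplified decentralized label: each variable carries a set of (owner, readers) policies, data derived from several variables carries the union of their policies, and an assignment is accepted only if the target's label is at least as restrictive, for every owner, as the label of the data flowing into it. The checker also tracks the label of the program counter so that an assignment inside an `if` on secret data is caught as an implicit flow. The names, the label helper and the four-statement program are assumptions made for the example.

```python
"""Toy static information-flow checker with decentralized labels (illustrative only)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple, Union

Principal = str
Policy = Tuple[Principal, FrozenSet[Principal]]   # (owner, readers permitted by that owner)
Label = FrozenSet[Policy]

# All principals of this toy world (an assumption for the example, not from the page).
PRINCIPALS: FrozenSet[Principal] = frozenset({"node", "code", "public"})


def label(*policies: Tuple[str, ...]) -> Label:
    """Build a label from (owner, reader, reader, ...) tuples, e.g. label(("node", "node"))."""
    return frozenset((p[0], frozenset(p[1:])) for p in policies)


PUBLIC: Label = frozenset()   # no policies at all: anyone may read


def readers(lab: Label, owner: Principal) -> FrozenSet[Principal]:
    """Effective reader set that `owner` permits under `lab` (everyone if it has no policy)."""
    sets = [r for o, r in lab if o == owner]
    result = PRINCIPALS
    for r in sets:
        result = result & (r | {owner})   # an owner can always read its own data
    return result


def join(a: Label, b: Label) -> Label:
    """Least upper bound: data derived from both inputs is restricted by both policy sets."""
    return a | b


def flows_to(src: Label, dst: Label) -> bool:
    """src may be relabelled to dst if every owner's restriction in src is kept or tightened in dst."""
    for owner, _ in src:
        if not readers(dst, owner) <= readers(src, owner):
            return False
    return True


@dataclass
class Assign:
    target: str
    sources: List[str]          # variables read on the right-hand side


@dataclass
class If:
    cond: List[str]             # variables read by the condition
    body: List["Stmt"]


Stmt = Union[Assign, If]


def check(decls: Dict[str, Label], prog: List[Stmt], pc: Label = PUBLIC) -> List[str]:
    """Return the list of flow violations; an empty list means the program is accepted."""
    errors: List[str] = []
    for st in prog:
        if isinstance(st, Assign):
            lab = pc                              # implicit flow from the enclosing branch
            for v in st.sources:
                lab = join(lab, decls[v])         # explicit flows from the operands
            if not flows_to(lab, decls[st.target]):
                errors.append(f"illegal flow into {st.target}")
        else:
            inner_pc = pc
            for v in st.cond:
                inner_pc = join(inner_pc, decls[v])
            errors.extend(check(decls, st.body, inner_pc))
    return errors


def demo() -> Dict[str, List[str]]:
    """Four constructed programs over node-owned and code-owned secrets."""
    decls = {
        "node_key":  label(("node", "node")),                      # node's secret
        "code_cfg":  label(("code", "code")),                      # imported code's secret
        "both":      label(("node", "node"), ("code", "code")),    # readable by neither party alone
        "out_pub":   PUBLIC,
        "leak_flag": PUBLIC,
    }
    return {
        "explicit_leak": check(decls, [Assign("out_pub", ["node_key"])]),
        "implicit_leak": check(decls, [If(["code_cfg"], [Assign("leak_flag", [])])]),
        "joint_ok":      check(decls, [Assign("both", ["node_key", "code_cfg"])]),
        "downgrade_bad": check(decls, [Assign("node_key", ["both"])]),
    }


if __name__ == "__main__":
    for name, errs in demo().items():
        print(name, "->", errs or "accepted")
```

The `downgrade_bad` case is the one worth noticing: copying `both` into a variable that only the node controls drops the code's policy, so it is rejected even though the node is the host. Nothing here runs at runtime; a real tool in the spirit of the paragraph above would make the same decision at compile or bytecode-verification time.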

We will also develop technology that ensures data integrity in the
presence of malicious attacks. This research will define BFT, a new
replication algorithm that can withstand Byzantine failures (replicas that
behave arbitrarily, including maliciously) in an asynchronous environment
such as the Internet. In addition, the algorithm will be made available as
a program library, allowing arbitrary applications to be hardened against
malicious attacks. More information on this work can be found on the BFT
page.